Bluebox Raises $18 Million for Mobile Security

The security firm that found the infamous Android Master Key vulnerability in 2013 advances its funding as it moves closer to revealing its commercial solution.

Security startup Bluebox Security has raised $18 million in a round of Series B funding to advance its vision for mobile security. Total funding for Bluebox Security now stands at $27.5 million.

Bluebox rose to public notoriety in the summer of 2013 with the disclosure of what is known as the Android Master Key vulnerability—a flaw that potentially could have left nearly all Android users at risk. The company is also noteworthy because of its executive team, which includes Jeff Forristal as the chief technology officer. Forristal was once best known by his hacker alias Rain Forrest Puppy and for being one of the first security researchers to discuss SQL Injection vulnerabilities.

The new funding will be used to help Bluebox ramp up its go-to-market efforts in 2014. Bluebox CEO Caleb Sima told eWEEK that initially the primary focus for his company was on engineering, and now that the product is almost ready to go, it's time to work on sales and marketing.

Bluebox's technology solution is in beta with Fortune 500 beta customers that are helping to ensure that the right features are in place and the product does what it needs to do, he said.

In terms of what Bluebox's product actually is, Sima isn't yet sharing many details, as his company and its technology are still technically in stealth mode.

"I can't say much, but I can say that the existing players in the mobile space have always focused on managing the device and not paying attention to what matters most at the end of the day, which ultimately is data," Sima said.

In March of 2013, Bluebox did in fact release a solution called "Dexter," which is a static analysis tool for mobile code. Sima said Dexter is a free tool that is useful for security researchers, but it isn't really part of the company's product portfolio.

"It's a research tool that anyone in the community can use if they want to," he said. "Our plans are to continue to keep Dexter free."

The 2013 research into the Android Master Key vulnerability that gained exposure for Bluebox isn't necessarily part of Bluebox's product plans either. Sima said his firm's product focus is all about protecting data and avenues like the Master Key vulnerability that provide attackers with the ability to access things they shouldn't.

"We discussed the Android Master Key exploit as we identified it during some of our in-depth research on things that we're doing commercially," Sima said.

Securing and protecting data, no matter what underlying mobile vulnerability might exist, is what Bluebox's stealth product aims to do, according to Sima. While the public disclosure around the Android Master Key vulnerability is not directly related to Bluebox's product, Sima admitted that the exposure has been a benefit for his business's public awareness.

"We did get a lot of press from the Android Master Key, and we did get a lot of inbound inquires," he said. "But our beta customers were already pretty much set before the disclosure, so for us the Android Master Key didn't drive any new beta customers."

Sima is no stranger to leading security firms into successful exits. He was formerly a co-founder of SPI Dynamics, which was acquired by Hewlett-Packard in 2007.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.